d5e9ccf1171f5f24addd7f454eb758f4b0921b94da3097ce540d9f9f25e6f5bd

Resubmissions

05/10/2022, 13:11

221005-qfb9tsedb9 1

04/10/2022, 16:13

221004-tpg38abgep 3

Analysis

max time kernel
150s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 16:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Flux.app/Contents/Resources/Base.lproj/MainMenu.nib/keyedobjects-101300.nib
Size

59KB
MD5

7ba8e52e4067f4d56b617af3c3d4ed30
SHA1

bed7b90694e906314681c1dd9c5a3d9fb31934e4
SHA256

87c4fec46e1b01e791ff25ed75b6dfb0e19e43661c86bbe40a89fc8a9400721c
SHA512

04d70d3ccaa0a795aa931d8cdb6b5fd81178425d7cd287bfb5e7f6143c38800b329cb40c74a043cd44e3fb20133380e8890ddd8580d478f67fb9c01c557701fb
SSDEEP

768:3/f6b50o90/EfD8S0U1xRUYyuJ0OfnwYyIcXlq1T2YCJSly4We2rgzERV7f60V2z:6N0o90/H4xK1kCqge2GERVD60V27mCv

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2748	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Flux.app\Contents\Resources\Base.lproj\MainMenu.nib\keyedobjects-101300.nib
1⤵
- Modifies registry class
PID:924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads